COBIT 5. COBIT 5 Online Collaborative Environment


COBIT 5 Product Family (Source: COBIT 5 for Risk, figure 1)
- COBIT 5
- COBIT 5 Enabler Guides: COBIT 5: Enabling Processes; COBIT 5: Enabling Information; Other Enabler Guides
- COBIT 5 Professional Guides: COBIT 5 Implementation; COBIT 5 for Information Security; COBIT 5 for Assurance; COBIT 5 for Risk; Other Professional Guides
- COBIT 5 Online Collaborative Environment

COBIT 5 Principles (Source: COBIT 5, figure 2)
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management

ISACA, 3701 Algonquin Road, Suite 1010, Rolling Meadows, IL 60008 USA. Phone: +1.847.253.1545. Fax: +1.847.253.1443. Email: info@isaca.org. Web site: www.isaca.org

COBIT 5 Goals Cascade Overview (Source: COBIT 5, figure 4)
- Stakeholder Drivers (Environment, Technology Evolution, ...) influence Stakeholder Needs
- Stakeholder Needs (Benefits Realisation, Risk Optimisation, Resource Optimisation) cascade to Enterprise Goals
- Enterprise Goals cascade to IT-related Goals
- IT-related Goals cascade to Enabler Goals

Selected Guidance From the COBIT 5 Family
These charts and figures are elements of COBIT 5 and its supporting guides. This excerpt is available as a complimentary PDF (www.isaca.org/cobit) and for purchase in hard copy (www.isaca.org/bookstore). It provides an overview of the COBIT 5 guidance, its five principles and seven enablers. We encourage you to share this document with your enterprise leaders, team members, clients and/or consultants. COBIT enables enterprises to maximise the value and minimise the risk related to information, which has become the currency of the 21st century. COBIT 5 is a comprehensive framework of globally accepted principles, practices, analytical tools and models that can help any enterprise effectively address critical business issues related to the governance and management of information and technology. Additional information is available at www.isaca.org/cobit.

Governance and Management in COBIT 5 (Source: COBIT 5, figure 8)
- Governance Objective: Value Creation, through Benefits Realisation, Risk Optimisation and Resource Optimisation
- Governance Enablers
- Governance Scope
- Roles, Activities and Relationships

Key Roles, Activities and Relationships (Source: COBIT 5, figure 9)
- Owners and Stakeholders delegate to the Governing Body; the Governing Body is accountable to them
- The Governing Body sets direction for Management and monitors it
- Management instructs and aligns Operations and Execution; Operations and Execution report back to Management

COBIT 5 Governance and Management Key Areas (Source: COBIT 5, figure 15)
- Governance, driven by Business Needs: Evaluate; Direct; Monitor
- Management: Plan (APO); Build (BAI); Run (DSS); Monitor (MEA), with Management Feedback returning to governance

Two Perspectives on Risk (Source: COBIT 5 for Risk, figure 8)
- Risk Function perspective: describes how to build and sustain a risk function in the enterprise by using the COBIT 5 enablers (Processes; Information; Organisational Structures; Principles, Policies and Frameworks; Services, Infrastructure and Applications; Culture, Ethics and Behaviour; People, Skills and Competencies).
- Risk Management perspective: looks at the core risk governance and risk management processes and at risk scenarios, and describes how risk can be mitigated by using COBIT 5 enablers.

Scope of COBIT 5 for Risk (Source: COBIT 5 for Risk, figure 10)
- COBIT 5 Enablers for the Risk Function: Processes; Information; Organisational Structures; Principles, Policies and Frameworks; Services, Infrastructure and Applications; Culture, Ethics and Behaviour; People, Skills and Competencies
- Risk Management: Core Risk Processes; Risk Scenarios; Mapping Risk Scenarios to COBIT 5 Enablers
- Related COBIT 5 guidance: COBIT 5 Framework; COBIT 5: Enabling Processes
- Enterprise Standards: COSO ERM; ISO 31000; ISO/IEC 27005; Others
- IT Frameworks: ITIL; ISO/IEC 20000; ISO/IEC 27001/2; Others

The Risk Management Process (APO12): Risk Scenario Overview (Source: COBIT 5 for Risk, figure 34)
- APO12 practices: APO12.01 Collect Data; APO12.02 Analyse Risk; APO12.03 Maintain a Risk Profile; APO12.04 Articulate Risk; APO12.05 Define a Risk Management Action Portfolio; APO12.06 Respond to Risk
- Top-down approach, starting from Business Goals: identify business objectives, then identify the scenarios with the highest impact on achievement of those objectives.
- Bottom-up approach, starting from Generic Risk Scenarios: identify hypothetical scenarios, then reduce the set through high-level analysis.
- Both approaches yield Risk Scenarios, refined by Risk Factors: Internal Environmental Factors; External Environmental Factors; Risk Management Capabilities; IT-related Capabilities
- All related enablers: Principles, Policies and Frameworks; Organisational Structures; Culture, Ethics and Behaviour; Information; Services, Infrastructure and Applications; People, Skills and Competencies

Risk Scenario Structure (Source: COBIT 5 for Risk, figure 36)
- Threat Type: Malicious; Accidental; Error; Failure; Nature; External requirement
- Event: Disclosure; Interruption; Modification; Theft; Destruction; Ineffective design; Ineffective execution; Rules and regulations; Inappropriate use
- Asset/Resource: People and skills; Organisational structures; Process; Infrastructure (facilities); IT infrastructure; Information; Applications
- Actor: Internal (staff, contractor); External (competitor, outsider, business partner, regulator, market)
- Time: Duration; Timing of occurrence (critical or non-critical); Detection; Time lag

Supporting Processes for the Risk Function (Source: COBIT 5 for Risk, figure 18)

Processes for Governance of Enterprise IT
Evaluate, Direct and Monitor
- EDM01 Ensure Governance Framework Setting and Maintenance
- EDM02 Ensure Benefits Delivery
- EDM03 Ensure Risk Optimisation
- EDM04 Ensure Resource Optimisation
- EDM05 Ensure Stakeholder Transparency

Processes for Management of Enterprise IT
Align, Plan and Organise
- APO01 Manage the IT Management Framework
- APO02 Manage Strategy
- APO03 Manage Enterprise Architecture
- APO04 Manage Innovation
- APO05 Manage Portfolio
- APO06 Manage Budget and Costs
- APO07 Manage Human Resources
- APO08 Manage Relationships
- APO09 Manage Service Agreements
- APO10 Manage Suppliers
- APO11 Manage Quality
- APO12 Manage Risk
- APO13 Manage Security
Build, Acquire and Implement
- BAI01 Manage Programmes and Projects
- BAI02 Manage Requirements Definition
- BAI03 Manage Solutions Identification and Build
- BAI04 Manage Availability and Capacity
- BAI05 Manage Organisational Change Enablement
- BAI06 Manage Changes
- BAI07 Manage Change Acceptance and Transitioning
- BAI08 Manage Knowledge
- BAI09 Manage Assets
- BAI10 Manage Configuration
Deliver, Service and Support
- DSS01 Manage Operations
- DSS02 Manage Service Requests and Incidents
- DSS03 Manage Problems
- DSS04 Manage Continuity
- DSS05 Manage Security Services
- DSS06 Manage Business Process Controls
Monitor, Evaluate and Assess
- MEA01 Monitor, Evaluate and Assess Performance and Conformance
- MEA02 Monitor, Evaluate and Assess the System of Internal Control
- MEA03 Monitor, Evaluate and Assess Compliance With External Requirements

This figure highlights the key supporting COBIT 5 processes (shown in dark pink), as well as the other supporting processes (shown in light pink). The core risk processes are shown in light blue.

COBIT 5 Enterprise Enablers (Source: COBIT 5, figure 12)
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behaviour
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies
Enablers 5 to 7 are also Resources.

COBIT 5 Enablers: Generic (Source: COBIT 5, figure 13)
Enabler dimensions:
- Stakeholders: Internal Stakeholders; External Stakeholders
- Goals: Intrinsic Quality; Contextual Quality (Relevance, Effectiveness); Accessibility and Security
- Life Cycle: Plan; Design; Build/Acquire/Create/Implement; Use/Operate; Evaluate/Monitor; Update/Dispose
- Good Practices: Practices; Work Products (Inputs/Outputs)
Enabler performance management:
- Are Stakeholder Needs Addressed? Are Enabler Goals Achieved? Measured by Metrics for Achievement of Goals (Lag Indicators)
- Is the Life Cycle Managed? Are Good Practices Applied? Measured by Metrics for Application of Practice (Lead Indicators)

The Seven Phases of the Implementation Life Cycle (Source: COBIT 5, figure 17 and COBIT 5 Implementation, figure 6)
Phases:
1 What are the drivers?
2 Where are we now?
3 Where do we want to be?
4 What needs to be done?
5 How do we get there?
6 Did we get there?
7 How do we keep the momentum going?
Programme management (outer ring), phases 1 to 7: Initiate programme; Define problems and opportunities; Define road map; Plan programme; Execute plan; Realise benefits; Review effectiveness
Change enablement (middle ring), phases 1 to 7: Establish desire to change; Form implementation team; Communicate outcome; Identify role players; Operate and use; Embed new approaches; Sustain
Continual improvement life cycle (inner ring), phases 1 to 7: Recognise need to act; Assess current state; Define target state; Build improvements; Implement improvements; Operate and measure; Monitor and evaluate

Summary of the COBIT 5 Process Capability Model (Source: COBIT 5, figure 19)
Capability levels: 0 Incomplete; 1 Performed; 2 Managed; 3 Established; 4 Predictable; 5 Optimising
Generic capability attributes:
- Level 1: Performance Attribute (PA) 1.1 Process Performance
- Level 2: PA 2.1 Performance Management; PA 2.2 Work Product Management
- Level 3: PA 3.1 Process Definition; PA 3.2 Process Deployment
- Level 4: PA 4.1 Process Measurement; PA 4.2 Process Control
- Level 5: PA 5.1 Process Innovation; PA 5.2 Process Optimisation
COBIT 5 Process Assessment Model, process performance indicators (level 1): Outcomes; Base Practices (Governance/Management Practices); Work Products (Inputs/Outputs)
COBIT 5 Process Assessment Model, process capability indicators (levels 2 to 5): Generic Practices; Generic Resources; Generic Work Products